SPA2102 support for TLS/sRTP

ADAM CRISP · ‎03-22-2011

Hello,

I'm considering the SPA2102 for deployment, but need support for TLS/sRTP.

I've noticed a few postings about non standard key exchanges, and the requirement to obtain a certificate generator for use with the device.

Can anybody offer advice on this?

Kind regards

Adam

nseto · ‎03-22-2011

SIP Transport options are UDP, TCP and TLS.

For encrypting the audio itself, there's an app that is used with the mini cert and srtp private key parameter. This app is restricted to particular areas, so you'll need to inquire/obtain through your cisco sales rep. Thanks.

ADAM CRISP · ‎03-24-2011

Thank you.

A couple of questions,

1a. If we had this application that generates the key (to fill in on the configuration form), does this make the units standards compliant ?

For example, our standards compliant carrier switch will run TLS/sRTP with CCME/UC5xx/, Snom phones etc - will the amended SPA2102 be similar, or is the implementation still propriatory.

1b If it's propriatory, would Cisco provide the information for us to support this method on our switch ?

2. Please can you provide a list of Cisco UA's that support standards compliant TLS/sRTP. I'm aware of the status of IOS based products, but please provide information on the smaller devices - such as SPA5xx phones, Small business routers, Is it on UC320 planner, etc

thanks

Adam

nseto · ‎03-24-2011

The sip transport over TLS is standards compliant.

The secure rtp is based on rfc3711 but doesn't quite match it, so it doesn't meet it fully. Both voice endpoints need to be SPA devices for the audio to be secure and to be able to use the mini cert and private key. As mentioned previously, to get the genmc software, you'll need to contact your cisco sales rep who can get the software to you.

ADAM CRISP · ‎03-24-2011

Thank you.

Is this is because you code base it pre-standard ?

nseto · ‎03-24-2011

correct